On Wednesday, 11 January 2017 14:23:45 UTC+1, John Dennis wrote:
> On 01/11/2017 03:21 AM, Opa114 wrote:
> > On Wednesday, 11 January 2017 00:45:45 UTC+1, Robert Relyea wrote:
> >> On 01/10/2017 02:07 PM, Opa114 wrote:
> >>> On Tuesday, 10 January 2017 22:24:10 UTC+1, Robert Relyea wrote:
> >>>> On 01/10/2017 10:18 AM, Opa114 wrote:
> >>>>> Thanks, but these facts I know.
> >>>>> I don't want to let multiple applications open one database; I want to open multiple different Mozilla databases, in the old standard format, with one (my) application.
> >>>>>
> >>>>> I tried to use the NSS_Init functions. These work when opening one database, but when I open a second one the whole application crashes, so that's why I asked the question, and maybe I can get some working example C++ code?
> >>>> 1) Where are you crashing (it's not expected to work, but I don't expect
> >>>> a crash because you called NSS_Init again).
> >>>>
> >>>> 2) To open additional databases you want to use SECMOD_OpenUserDB:
> >>>>
> >>>>
> >>>> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11_Functions#SECMOD_OpenUserDB
> >>>>
> >>>> You can call that multiple times.
> >>>> Once the database is opened any of the NSS find functions will find all
> >>>> the certs in both databases. The slot returned from SECMOD_OpenUserDB
> >>>> can be used in functions that take a slot to narrow the operations just
> >>>> to that particular database.
> >>>>
> >>>> To NSS each database will look basically like a smart card.
> >>>>
> >>>> When you are through with that database you can use SECMOD_CloseUserDB()
> >>>>
> >>>> bob
> >>>
> >>> Thanks for the reply. Here is first a little code which did not work, that means it crashes:
> >>>
> >>> functionLoadFirefox() {
> >>> SECStatus rv = NSS_InitReadWrite(PATH_TO_FF_DB);
> >>> ... if success load Certificates with PK11_ListCerts(PK11CertListAll, NULL);
> >>> NSS_Shutdown();
> >>> }
> >>>
> >>> functionLoadThunderbird() {
> >>> SECStatus rv = NSS_InitReadWrite(PATH_TO_TB_DB);
> >>> ... if success load Certificates with PK11_ListCerts(PK11CertListAll, NULL);
> >>> NSS_Shutdown();
> >>> }
> >>>
> >>> So these are my two functions in which I open and close the databases and retrieve the certificates.
> >> So the certs you got from the first call is likely preventing
> >> NSS_Shutdown from completing. The certs hold references to the
> >> respective slots. Those references prevent NSS_Shutdown from closing
> >> completely. They will prevent the second NSS_Init from succeeding, so you
> >> probably crash in your second shutdown. You can detect this happened by
> >> looking at the return value from NSS_Shutdown().
> >>>
> >>> --> 2) To open additional databases you want to use SECMOD_OpenUserDB
> >>> So this means: first I have to call NSS_Init with, let's say, the Firefox database and then I have to call SECMOD_OpenUserDB with the Thunderbird database, right? Or must I load both with SECMOD_OpenUserDB?
> >> You can either use NSS_Init with no database and then call
> >> SECMOD_OpenUserDB() for both, or you can call NSS_Init with one database
> >> and then call SECMOD_OpenUserDB with the other.
> >>>
> >>> --> Once the database is opened any of the NSS find functions will find all the certs in both databases
> >>> But I have to know which database the certificates are coming from. So I need to know that, let's say, Certificate ABC is stored inside the Firefox database and Certificate 123 is stored in the Thunderbird database. How can I do that? Or is this not possible?
> >> The slot for the database can be found in the cert->slot entry, but this
> >> will only give you ONE of the slots the cert lives in. If a cert exists
> >> in both databases, it will have a single entry on the list and be
> >> "somewhat" random which slot is listed (If you open one database with
> >> NSS_Init and the second with SECMOD_OpenUserDB() then the one you opened
> >> with SECMOD_OpenUserDB() will be the slot that shows up).
> >>
> >> To fix this issue, there's a function called PK11_GetAllSlotsForCert()
> >> which returns a slotList and will return all the slots that hold this
> >> cert. The slots map one for one to the databases you opened (or any
> >> smart cards you have loaded). You can control the 'tokenName' of each
> >> slot with the string arguments you pass to SECMOD_OpenUserDB(), and you
> >> can get the token name with PK11_GetTokenName() on each slot on the list.
> >>
> >> You could also use PK11_ListCertsInSlot() which takes a slot
> >> (SECMOD_OpenUserDB() will return a slot for you) and lists only those
> >> certs in that slot.
> >>
> >> Be sure to free all these things once you are through with them, or your
> >> shutdown will fail at the end again.
> >>
> >>
> >> bob
> >
> > Thanks again for the detailed explanation, that helps me a lot - many thanks!
> >
> > --> So the certs you got from the first call is likely preventing
> > NSS_Shutdown from completing.....
> > So when I free the used stuff I can close the database correctly, so that I can open the second one. If I can close the first one correctly and NSS shuts down, I should be able to open the second one, too.
> > Can you give me some more details on my piece of code, or in general on how to free the things correctly?
>
> Yes, you have to make sure NSS_Shutdown*() returns without an error, if
> it doesn't the next NSS_init* won't work. You can test for whether NSS
> is still in an initialized state with NSS_IsInitialized(). If NSS does
> not shut down successfully it's because of dangling references; finding
> out who is holding on to these is the tricky part. Calling
> NSS_DumpCertificateCacheInfo() *may* give you enough additional
> information to figure that out. In the past I've had to resort to
> running the process under GDB and step through code and data structures
> to figure it out. How hard this is is really a reflection of the
> complexity of your application code. In our case it was pretty complex.
> If your code is simple and clean it may be a total non-issue, YMMV.
>
> >
> > So would it be better to open the two or more databases successively and not at the same time as I wanted to do it? Would this be the better working solution? The only thing is that I then must reopen and shut down the databases multiple times if needed.
>
> Yes, it's better for successive single databases than multiple
> simultaneous IMHO.
>
> > And did I understand it right that I can use SECMOD_OpenUserDB() and SECMOD_CloseUserDB() to open and close the databases instead of using NSS_Init() and NSS_Shutdown()? Do the SECMOD functions call them internally? Or does it not matter which of the functions I use?
> >
> > --> ... if you try to trust one CA in one DB/slot and not trust it in another DB/slot, you won't actually be able to do that
> > This is extremely bad, because I may have to change the trust status of some certificates.
> >
> > So in conclusion for my needs it would be the way to open each database separately and successively?
> >
>
>
> --
> John
Thanks John for the explanation. I will try it this way when I have time to test it again :/